July 5, 2018
Fraud comes in all shapes and sizes, and can manifest itself in a variety of ways, both in the US and in far-flung places around the globe. Aside from its legal consequences, penalties, and fines, fraud — or even allegations of it — can be extremely damaging to a business. The financial impact frequently includes lost revenues, legal penalties and fines, decreases in market capitalization, and what can be the costliest aspect of all: reputational damage. While there are many elements to managing your company’s risk of fraud, understanding your data is critical to minimizing fraud risks. Consider the following tips to keep your organization’s fraud risk in check:
1) Get to Know Your Data
Today’s global companies frequently have multiple, siloed systems of records in different countries or business units, with disconnected financial and documentary systems, often lacking transparency. This makes for a lot of data in systems that are not integrated and inaccessible to the main office. In some cases, companies also lack the appropriate controls to monitor activities.
Ankura’s Karyl Van Tassel says, “Companies today have vast amounts of data around the globe. The challenge is not only finding the relevant data and merging it, but also understanding how to review the data you have in a way that provides clarity to the situation at hand. It is just a black box of data until you extract the key elements.”
Understanding your data content is critical, both to establish a baseline and move forward, says Sonya Kwon. “Companies need to know what the current state of their data is, and what the trends look like over time,” says Kwon.
To reach this understanding, Kwon’s team collects information including paper records, spreadsheets, and files on various custodians, programs and machines, and data extracted out of the company’s accounting systems.
“We take all the information from disparate sources and combine and create an analytical repository in which we can run trending analysis and distill the information in a meaningful way,” explains Kwon. “Then, we model the data and use data visualization techniques to understand the patterns and gain insights about specific issues.”
This enables data experts such as Kwon and Van Tassel to take an overwhelming mountain of data, understand it, and tell a clear story about what happened.
“We cull through the data in order to answer very specific questions,” Van Tassel says. “For instance, who made money during a certain time period? Who lost money on investments? Who withdrew money at specific points in time?”
2) Look for Anomalies and Deviations
Once you understand the data available, look for patterns and movement that indicate anomalies or something happening that’s out of the ordinary. These outliers or anomalies can indicate a pattern of fraud.
To spot outliers, companies need to first have a sense of what the data should look like. This may require an industry perspective to know what’s typical — and what’s not. Alternately, if allegations have been made, it may include analyzing the data before and after the time period at issue.
What you need to look for in the data is unique to every situation and must be developed with the specific issues and output in mind. It is common to look for inordinately large amounts of money being transferred that are outside of the typical sequencing, payments that deviate from typical norms, inflated or unearned intercompany payments, etc. Depending on the issues, these items may be red flags for potential fraud. At a minimum, they’re items to examine more closely.
3) Dig Deeper on the Outliers and Anomalies
Where there are anomalies and unusual activity, take a closer look. It’s useful to classify the data by variables, to segment it, and look for meaningful differences. Some organizations use “active” or “continuous” monitoring, based on pre-established algorithms, to timely indicate risk areas.
For instance, a healthcare organization typically has millions of lines of entries of what’s being billed to a provider. “We’d examine this data and make sense of the trends. Do we see upcoding, in which billers use a CPT code for a more expensive service than was performed? Is the volume for a certain kind of procedure higher than compared to similar areas or industry expectations? Separately each anomaly we find may not be interesting, but together they may signal there’s a potential problem,” says Van Tassel.
4) Assess and Prioritize Risks
In addition to examining the data, it is sound business practice to conduct a comprehensive risk assessment to identify the areas that are most at risk for fraud within your business.
- Which areas are most vulnerable to error or fraud?
- Which assets are the most likely to be targeted for theft, loss, or misuse?
- Which business units are most at risk for compliance or regulatory missteps?
- What types of information are you storing that are private to customers, yet could be beneficial to others outside of your organization?
In addition to asking these important questions, it’s also useful to develop and adopt a decision protocol that can flag potentially fraudulent data points. Using probability theory and artificial intelligence methods, a risk assessment protocol sets parameters for when the fraud detection system will notify leaders of a potential fraud.
Debra Aron, managing director of disputes and economics with Ankura, notes, “We apply probability theory to decide whether patterns would arise naturally in data as part of its random variation or whether patterns we identify in the data are indicative of fraud.” These identified patterns can provide focus for further investigation in a litigation setting, and the same techniques can be used to establish an ongoing protocol for identifying future potential fraudulent behavior.
For example, Aron explains that her team has applied these techniques to millions of telephone call records to determine whether there is evidence of telephone call “spoofing,” a practice sometimes used to defraud consumers by causing misleading caller ID information to be displayed. “The challenge is to stay a step ahead of the fraudsters, who can change their call patterns readily, as well as to apply proper probability analysis to recognize and account for the fact that randomness will produce some patterns in data,” says Aron.
For better and for worse, the massive amounts of financial and other data that companies have in various systems may be used to prove a case against them in the case of litigation or an investigation. But, understanding how the data will be analyzed, what it tells you, and whether data controls have been tested to determine if the controls are working as proposed, can save time, money, and possibly, your company.